UK government now scans all internet-connected devices to assess vulnerabilities

Anyone can request exemptions

Parliament may be a circus, but the UK government isn’t entirely made up of incompetent hands – except for those who thought it would be a good idea to store data of COVID-19 cases on Excel spreadsheets (that’s right, look at it at the top). This should reassure or dread, depending on the objectives set. Take the National Cyber ​​​​Security Center for your consideration: it has just launched a program that systematically scans all Internet-connected devices based in the country as an intelligence-gathering method to investigate current hacking threats and preparedness. to safety.


The NCSC – which falls under Britain’s largest intelligence-gathering agency, GCHQ – launched its digitization program earlier this month (via BleepingComputer). This involves making connection requests to individual servers and devices and logging any responses received with the date, time and IP addresses involved. The Center then analyzes the responses to see if the reported software versions match those it has logged with the reported vulnerabilities. The idea, along with frequent scans, is to develop snapshots of the UK’s preparedness against potential attacks.

In a blog post, outgoing NCSC CTO Ian Levy wrote that the scans are similar to those performed by private cybersecurity firms. He also said he expects the complexity of the scans to increase over time and the agency will have more to report in April at the CYBERUK conference. The Center has released the IP addresses and related domain where the scans will come from —;, and; Clients will see HTTPS requests tagged with an identifying header. Anyone can email the agency at [email protected] to request that certain IP addresses be exempted from scanning.